url encryption

Mike Ash
Greenhorn

Joined: Nov 03, 2006
Posts: 8
I'm using JSP together with Struts and I need to set up a user with a link with sensitive information in the query string. So far I have not been able to find a way to encrypt the query string so the parameters are invisible/encrypted to the user. I have tried this code with no success:

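<%
// encodeRedirectURL() only applies session-ID URL rewriting; it does not encrypt the query string.
String redirectURL = "http://someurl?name=param&id=3455";
response.sendRedirect(response.encodeRedirectURL(redirectURL));
%>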

I thought there may be a tag library or Java library that would accomplish this task, but I've been unsuccessful so far. Any thoughts?

Thanks.


Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41113
Welcome to JavaRanch.

Any URL encodings are just that - encodings, which are easily reversed. If you're really concerned about it, use encryption (e.g. using the JCE API, with help of the JCE taglib).

But what exactly do you mean by "sensitive"? What kinds of attacks do you expect? Or is it that the user should not see the ID?
[ December 20, 2006: Message edited by: Ulf Dittmer ]

Mike Ash
Greenhorn

Joined: Nov 03, 2006
Posts: 8
I'm using this in conjunction with Oracle Reports. The link that the user will be clicking on could potentially have information about their account and such. Basically, one of the requirements on the project is that the url be either encrypted or not visible...
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41113
Why would a user not be allowed to see information (or even just IDs) for their own account?

A non-visible URL (or hidden parameter) provides no security at all.
[ December 20, 2006: Message edited by: Ulf Dittmer ]
Mike Ash
Greenhorn

Joined: Nov 03, 2006
Posts: 8
Oracle Reports lives on a completely separate server and there is authentication information for that particular server that no user should ever see.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60782

Then you will need to use encryption which, as pointed out, is not the same as encoding.

We don't have a specific forum dedicated to encryption, so I've moved this to the intermediate Java forum.
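
The encryption the replies above point to, sketched with the JDK's built-in JCE classes (an added example, not code posted by anyone in this thread). The class and method names and the `t` parameter are hypothetical, and it assumes the redirecting server and the receiving server share one AES key.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class QueryStringCrypto { // hypothetical helper class
    private static final int IV_LEN = 12;    // 96-bit nonce, the recommended size for GCM
    private static final int TAG_BITS = 128; // authentication tag length
    private static final SecureRandom RNG = new SecureRandom();

    /** Encrypts a query string into a URL-safe token: base64url(iv || ciphertext || tag). */
    public static String seal(SecretKey key, String query) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv); // fresh nonce per token; never reuse one with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(query.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    /** Decrypts a token; throws AEADBadTagException if it was altered or the key is wrong. */
    public static String open(SecretKey key, String token) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(token);
        if (in.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("token too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        byte[] pt = c.doFinal(in, IV_LEN, in.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // demo only; a real key is provisioned to both servers
        String token = seal(key, "name=param&id=3455"); // parameters from the original post
        System.out.println("http://someurl?t=" + token); // "t" is a hypothetical parameter name
        System.out.println(open(key, token));
        // Change the first character: the GCM tag check rejects the modified token.
        String bad = (token.charAt(0) == 'A' ? 'B' : 'A') + token.substring(1);
        try { open(key, bad); } catch (Exception e) { System.out.println("rejected: " + e.getClass().getSimpleName()); }
    }
}
```

The token hides and integrity-protects the parameters, but anyone who obtains the full URL can still replay it, so the receiving side needs its own authentication or an expiry field inside the encrypted payload.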

